@agentsh/secure-sandbox 0.1.0

package/dist/index-D0UvBOzr.d.ts

@@ -0,0 +1,463 @@
+import { z } from 'zod';
+
+declare const FileRuleSchema: z.ZodUnion<[z.ZodObject<{
+    allow: z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>;
+    ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["read", "write", "create", "delete"]>, "many">>;
+}, "strict", z.ZodTypeAny, {
+    allow: string | string[];
+    ops?: ("read" | "write" | "create" | "delete")[] | undefined;
+}, {
+    allow: string | string[];
+    ops?: ("read" | "write" | "create" | "delete")[] | undefined;
+}>, z.ZodObject<{
+    deny: z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>;
+    ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["read", "write", "create", "delete"]>, "many">>;
+}, "strict", z.ZodTypeAny, {
+    deny: string | string[];
+    ops?: ("read" | "write" | "create" | "delete")[] | undefined;
+}, {
+    deny: string | string[];
+    ops?: ("read" | "write" | "create" | "delete")[] | undefined;
+}>, z.ZodObject<{
+    redirect: z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>;
+    to: z.ZodString;
+    ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["read", "write", "create", "delete"]>, "many">>;
+}, "strict", z.ZodTypeAny, {
+    redirect: string | string[];
+    to: string;
+    ops?: ("read" | "write" | "create" | "delete")[] | undefined;
+}, {
+    redirect: string | string[];
+    to: string;
+    ops?: ("read" | "write" | "create" | "delete")[] | undefined;
+}>, z.ZodObject<{
+    audit: z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>;
+    ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["read", "write", "create", "delete"]>, "many">>;
+}, "strict", z.ZodTypeAny, {
+    audit: string | string[];
+    ops?: ("read" | "write" | "create" | "delete")[] | undefined;
+}, {
+    audit: string | string[];
+    ops?: ("read" | "write" | "create" | "delete")[] | undefined;
+}>, z.ZodObject<{
+    softDelete: z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>;
+}, "strict", z.ZodTypeAny, {
+    softDelete: string | string[];
+}, {
+    softDelete: string | string[];
+}>]>;
+declare const NetworkRuleSchema: z.ZodUnion<[z.ZodObject<{
+    allow: z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>;
+    ports: z.ZodOptional<z.ZodArray<z.ZodNumber, "many">>;
+}, "strict", z.ZodTypeAny, {
+    allow: string | string[];
+    ports?: number[] | undefined;
+}, {
+    allow: string | string[];
+    ports?: number[] | undefined;
+}>, z.ZodObject<{
+    deny: z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>;
+}, "strict", z.ZodTypeAny, {
+    deny: string | string[];
+}, {
+    deny: string | string[];
+}>, z.ZodObject<{
+    redirect: z.ZodString;
+    to: z.ZodString;
+}, "strict", z.ZodTypeAny, {
+    redirect: string;
+    to: string;
+}, {
+    redirect: string;
+    to: string;
+}>]>;
+declare const CommandRuleSchema: z.ZodUnion<[z.ZodObject<{
+    allow: z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>;
+}, "strict", z.ZodTypeAny, {
+    allow: string | string[];
+}, {
+    allow: string | string[];
+}>, z.ZodObject<{
+    deny: z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>;
+}, "strict", z.ZodTypeAny, {
+    deny: string | string[];
+}, {
+    deny: string | string[];
+}>, z.ZodObject<{
+    redirect: z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>;
+    to: z.ZodUnion<[z.ZodString, z.ZodObject<{
+        cmd: z.ZodString;
+        args: z.ZodArray<z.ZodString, "many">;
+    }, "strict", z.ZodTypeAny, {
+        cmd: string;
+        args: string[];
+    }, {
+        cmd: string;
+        args: string[];
+    }>]>;
+}, "strict", z.ZodTypeAny, {
+    redirect: string | string[];
+    to: string | {
+        cmd: string;
+        args: string[];
+    };
+}, {
+    redirect: string | string[];
+    to: string | {
+        cmd: string;
+        args: string[];
+    };
+}>]>;
+declare const EnvRuleSchema: z.ZodObject<{
+    commands: z.ZodArray<z.ZodString, "many">;
+    allow: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    deny: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+}, "strict", z.ZodTypeAny, {
+    commands: string[];
+    deny?: string[] | undefined;
+    allow?: string[] | undefined;
+}, {
+    commands: string[];
+    deny?: string[] | undefined;
+    allow?: string[] | undefined;
+}>;
+declare const DnsRedirectSchema: z.ZodObject<{
+    match: z.ZodString;
+    resolveTo: z.ZodString;
+}, "strict", z.ZodTypeAny, {
+    match: string;
+    resolveTo: string;
+}, {
+    match: string;
+    resolveTo: string;
+}>;
+declare const ConnectRedirectSchema: z.ZodObject<{
+    match: z.ZodString;
+    redirectTo: z.ZodString;
+}, "strict", z.ZodTypeAny, {
+    match: string;
+    redirectTo: string;
+}, {
+    match: string;
+    redirectTo: string;
+}>;
+declare const PolicyDefinitionSchema: z.ZodObject<{
+    file: z.ZodOptional<z.ZodArray<z.ZodUnion<[z.ZodObject<{
+        allow: z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>;
+        ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["read", "write", "create", "delete"]>, "many">>;
+    }, "strict", z.ZodTypeAny, {
+        allow: string | string[];
+        ops?: ("read" | "write" | "create" | "delete")[] | undefined;
+    }, {
+        allow: string | string[];
+        ops?: ("read" | "write" | "create" | "delete")[] | undefined;
+    }>, z.ZodObject<{
+        deny: z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>;
+        ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["read", "write", "create", "delete"]>, "many">>;
+    }, "strict", z.ZodTypeAny, {
+        deny: string | string[];
+        ops?: ("read" | "write" | "create" | "delete")[] | undefined;
+    }, {
+        deny: string | string[];
+        ops?: ("read" | "write" | "create" | "delete")[] | undefined;
+    }>, z.ZodObject<{
+        redirect: z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>;
+        to: z.ZodString;
+        ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["read", "write", "create", "delete"]>, "many">>;
+    }, "strict", z.ZodTypeAny, {
+        redirect: string | string[];
+        to: string;
+        ops?: ("read" | "write" | "create" | "delete")[] | undefined;
+    }, {
+        redirect: string | string[];
+        to: string;
+        ops?: ("read" | "write" | "create" | "delete")[] | undefined;
+    }>, z.ZodObject<{
+        audit: z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>;
+        ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["read", "write", "create", "delete"]>, "many">>;
+    }, "strict", z.ZodTypeAny, {
+        audit: string | string[];
+        ops?: ("read" | "write" | "create" | "delete")[] | undefined;
+    }, {
+        audit: string | string[];
+        ops?: ("read" | "write" | "create" | "delete")[] | undefined;
+    }>, z.ZodObject<{
+        softDelete: z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>;
+    }, "strict", z.ZodTypeAny, {
+        softDelete: string | string[];
+    }, {
+        softDelete: string | string[];
+    }>]>, "many">>;
+    network: z.ZodOptional<z.ZodArray<z.ZodUnion<[z.ZodObject<{
+        allow: z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>;
+        ports: z.ZodOptional<z.ZodArray<z.ZodNumber, "many">>;
+    }, "strict", z.ZodTypeAny, {
+        allow: string | string[];
+        ports?: number[] | undefined;
+    }, {
+        allow: string | string[];
+        ports?: number[] | undefined;
+    }>, z.ZodObject<{
+        deny: z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>;
+    }, "strict", z.ZodTypeAny, {
+        deny: string | string[];
+    }, {
+        deny: string | string[];
+    }>, z.ZodObject<{
+        redirect: z.ZodString;
+        to: z.ZodString;
+    }, "strict", z.ZodTypeAny, {
+        redirect: string;
+        to: string;
+    }, {
+        redirect: string;
+        to: string;
+    }>]>, "many">>;
+    commands: z.ZodOptional<z.ZodArray<z.ZodUnion<[z.ZodObject<{
+        allow: z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>;
+    }, "strict", z.ZodTypeAny, {
+        allow: string | string[];
+    }, {
+        allow: string | string[];
+    }>, z.ZodObject<{
+        deny: z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>;
+    }, "strict", z.ZodTypeAny, {
+        deny: string | string[];
+    }, {
+        deny: string | string[];
+    }>, z.ZodObject<{
+        redirect: z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>;
+        to: z.ZodUnion<[z.ZodString, z.ZodObject<{
+            cmd: z.ZodString;
+            args: z.ZodArray<z.ZodString, "many">;
+        }, "strict", z.ZodTypeAny, {
+            cmd: string;
+            args: string[];
+        }, {
+            cmd: string;
+            args: string[];
+        }>]>;
+    }, "strict", z.ZodTypeAny, {
+        redirect: string | string[];
+        to: string | {
+            cmd: string;
+            args: string[];
+        };
+    }, {
+        redirect: string | string[];
+        to: string | {
+            cmd: string;
+            args: string[];
+        };
+    }>]>, "many">>;
+    env: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        commands: z.ZodArray<z.ZodString, "many">;
+        allow: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        deny: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    }, "strict", z.ZodTypeAny, {
+        commands: string[];
+        deny?: string[] | undefined;
+        allow?: string[] | undefined;
+    }, {
+        commands: string[];
+        deny?: string[] | undefined;
+        allow?: string[] | undefined;
+    }>, "many">>;
+    dns: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        match: z.ZodString;
+        resolveTo: z.ZodString;
+    }, "strict", z.ZodTypeAny, {
+        match: string;
+        resolveTo: string;
+    }, {
+        match: string;
+        resolveTo: string;
+    }>, "many">>;
+    connect: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        match: z.ZodString;
+        redirectTo: z.ZodString;
+    }, "strict", z.ZodTypeAny, {
+        match: string;
+        redirectTo: string;
+    }, {
+        match: string;
+        redirectTo: string;
+    }>, "many">>;
+}, "strict", z.ZodTypeAny, {
+    commands?: ({
+        allow: string | string[];
+    } | {
+        deny: string | string[];
+    } | {
+        redirect: string | string[];
+        to: string | {
+            cmd: string;
+            args: string[];
+        };
+    })[] | undefined;
+    file?: ({
+        allow: string | string[];
+        ops?: ("read" | "write" | "create" | "delete")[] | undefined;
+    } | {
+        deny: string | string[];
+        ops?: ("read" | "write" | "create" | "delete")[] | undefined;
+    } | {
+        redirect: string | string[];
+        to: string;
+        ops?: ("read" | "write" | "create" | "delete")[] | undefined;
+    } | {
+        audit: string | string[];
+        ops?: ("read" | "write" | "create" | "delete")[] | undefined;
+    } | {
+        softDelete: string | string[];
+    })[] | undefined;
+    network?: ({
+        allow: string | string[];
+        ports?: number[] | undefined;
+    } | {
+        deny: string | string[];
+    } | {
+        redirect: string;
+        to: string;
+    })[] | undefined;
+    env?: {
+        commands: string[];
+        deny?: string[] | undefined;
+        allow?: string[] | undefined;
+    }[] | undefined;
+    dns?: {
+        match: string;
+        resolveTo: string;
+    }[] | undefined;
+    connect?: {
+        match: string;
+        redirectTo: string;
+    }[] | undefined;
+}, {
+    commands?: ({
+        allow: string | string[];
+    } | {
+        deny: string | string[];
+    } | {
+        redirect: string | string[];
+        to: string | {
+            cmd: string;
+            args: string[];
+        };
+    })[] | undefined;
+    file?: ({
+        allow: string | string[];
+        ops?: ("read" | "write" | "create" | "delete")[] | undefined;
+    } | {
+        deny: string | string[];
+        ops?: ("read" | "write" | "create" | "delete")[] | undefined;
+    } | {
+        redirect: string | string[];
+        to: string;
+        ops?: ("read" | "write" | "create" | "delete")[] | undefined;
+    } | {
+        audit: string | string[];
+        ops?: ("read" | "write" | "create" | "delete")[] | undefined;
+    } | {
+        softDelete: string | string[];
+    })[] | undefined;
+    network?: ({
+        allow: string | string[];
+        ports?: number[] | undefined;
+    } | {
+        deny: string | string[];
+    } | {
+        redirect: string;
+        to: string;
+    })[] | undefined;
+    env?: {
+        commands: string[];
+        deny?: string[] | undefined;
+        allow?: string[] | undefined;
+    }[] | undefined;
+    dns?: {
+        match: string;
+        resolveTo: string;
+    }[] | undefined;
+    connect?: {
+        match: string;
+        redirectTo: string;
+    }[] | undefined;
+}>;
+type PolicyDefinition = z.infer<typeof PolicyDefinitionSchema>;
+type FileRule = z.infer<typeof FileRuleSchema>;
+type NetworkRule = z.infer<typeof NetworkRuleSchema>;
+type CommandRule = z.infer<typeof CommandRuleSchema>;
+type EnvRule = z.infer<typeof EnvRuleSchema>;
+type DnsRedirect = z.infer<typeof DnsRedirectSchema>;
+type ConnectRedirect = z.infer<typeof ConnectRedirectSchema>;
+declare function validatePolicy(policy: unknown): PolicyDefinition;
+
+/**
+ * Comprehensive policy for AI coding agents. This is the DEFAULT policy
+ * used when no policy is specified. Based on agentsh v0.13's agent-default
+ * policy.
+ */
+declare function agentDefault(extensions?: Partial<PolicyDefinition>): PolicyDefinition;
+/**
+ * Permissive defaults for local development. Not recommended for production.
+ */
+declare function devSafe(extensions?: Partial<PolicyDefinition>): PolicyDefinition;
+/**
+ * Locked down for CI/CD runners.
+ */
+declare function ciStrict(extensions?: Partial<PolicyDefinition>): PolicyDefinition;
+/**
+ * Maximum restriction for untrusted code. Read-only workspace, no network.
+ */
+declare function agentSandbox(extensions?: Partial<PolicyDefinition>): PolicyDefinition;
+
+/**
+ * Merge policy overrides AFTER base rules for each category.
+ * Since agentsh evaluates first-match-wins, appended rules only apply
+ * to paths not already matched by base.
+ */
+declare function merge(base: PolicyDefinition, ...overrides: Partial<PolicyDefinition>[]): PolicyDefinition;
+/**
+ * Merge policy overrides BEFORE base rules for each category,
+ * making overrides take priority in first-match-wins evaluation.
+ */
+declare function mergePrepend(base: PolicyDefinition, ...overrides: Partial<PolicyDefinition>[]): PolicyDefinition;
+
+/**
+ * Converts a PolicyDefinition to agentsh YAML format.
+ *
+ * Omits empty categories from output.
+ */
+declare function serializePolicy(policy: PolicyDefinition): string;
+/**
+ * Returns the fixed system policy YAML from the spec (Section 9.4).
+ *
+ * This static set of rules protects agentsh's own configuration, binaries,
+ * and processes from tampering by the agent. These rules are written to a
+ * separate system policy directory evaluated before user policy.
+ */
+declare function systemPolicyYaml(): string;
+
+type index_CommandRule = CommandRule;
+type index_ConnectRedirect = ConnectRedirect;
+type index_DnsRedirect = DnsRedirect;
+type index_EnvRule = EnvRule;
+type index_FileRule = FileRule;
+type index_NetworkRule = NetworkRule;
+type index_PolicyDefinition = PolicyDefinition;
+declare const index_PolicyDefinitionSchema: typeof PolicyDefinitionSchema;
+declare const index_agentDefault: typeof agentDefault;
+declare const index_agentSandbox: typeof agentSandbox;
+declare const index_ciStrict: typeof ciStrict;
+declare const index_devSafe: typeof devSafe;
+declare const index_merge: typeof merge;
+declare const index_mergePrepend: typeof mergePrepend;
+declare const index_serializePolicy: typeof serializePolicy;
+declare const index_systemPolicyYaml: typeof systemPolicyYaml;
+declare const index_validatePolicy: typeof validatePolicy;
+declare namespace index {
+  export { type index_CommandRule as CommandRule, type index_ConnectRedirect as ConnectRedirect, type index_DnsRedirect as DnsRedirect, type index_EnvRule as EnvRule, type index_FileRule as FileRule, type index_NetworkRule as NetworkRule, type index_PolicyDefinition as PolicyDefinition, index_PolicyDefinitionSchema as PolicyDefinitionSchema, index_agentDefault as agentDefault, index_agentSandbox as agentSandbox, index_ciStrict as ciStrict, index_devSafe as devSafe, index_merge as merge, index_mergePrepend as mergePrepend, index_serializePolicy as serializePolicy, index_systemPolicyYaml as systemPolicyYaml, index_validatePolicy as validatePolicy };
+}
+
+export { type CommandRule as C, type DnsRedirect as D, type EnvRule as E, type FileRule as F, type NetworkRule as N, type PolicyDefinition as P, type ConnectRedirect as a, PolicyDefinitionSchema as b, agentDefault as c, agentSandbox as d, ciStrict as e, devSafe as f, mergePrepend as g, systemPolicyYaml as h, index as i, merge as m, serializePolicy as s, validatePolicy as v };

package/dist/index-aQ1TVPtG.d.ts

@@ -0,0 +1,16 @@
+import { vercel } from './adapters/vercel.js';
+import { e2b } from './adapters/e2b.js';
+import { daytona } from './adapters/daytona.js';
+import { cloudflare } from './adapters/cloudflare.js';
+import { blaxel } from './adapters/blaxel.js';
+
+declare const index_blaxel: typeof blaxel;
+declare const index_cloudflare: typeof cloudflare;
+declare const index_daytona: typeof daytona;
+declare const index_e2b: typeof e2b;
+declare const index_vercel: typeof vercel;
+declare namespace index {
+  export { index_blaxel as blaxel, index_cloudflare as cloudflare, index_daytona as daytona, index_e2b as e2b, index_vercel as vercel };
+}
+
+export { index as i };

package/dist/index.d.ts

@@ -0,0 +1,77 @@
+import { S as SandboxAdapter, a as SecureConfig, b as SecuredSandbox, T as ThreatFeedsConfig } from './types-BwEbraFo.js';
+export { E as ExecResult, I as InstallStrategy, R as ReadFileResult, c as SecurityMode, d as ThreatFeed, W as WriteFileResult } from './types-BwEbraFo.js';
+export { P as PolicyDefinition, i as policies } from './index-D0UvBOzr.js';
+import { ZodIssue } from 'zod';
+export { i as adapters } from './index-aQ1TVPtG.js';
+import './adapters/vercel.js';
+import './adapters/e2b.js';
+import './adapters/daytona.js';
+import './adapters/cloudflare.js';
+import './adapters/blaxel.js';
+
+declare function secureSandbox(adapter: SandboxAdapter, config?: SecureConfig): Promise<SecuredSandbox>;
+
+/**
+ * Default threat feeds: URLhaus (malware) + Phishing.Database (phishing).
+ * Both are free, open source, and updated frequently.
+ */
+declare const defaultThreatFeeds: ThreatFeedsConfig;
+
+declare class AgentSHError extends Error {
+    constructor(message: string);
+}
+declare class PolicyValidationError extends AgentSHError {
+    readonly issues: ZodIssue[];
+    constructor({ issues }: {
+        issues: ZodIssue[];
+    });
+}
+declare class MissingPeerDependencyError extends AgentSHError {
+    readonly packageName: string;
+    readonly versionRange: string;
+    constructor({ packageName, versionRange, }: {
+        packageName: string;
+        versionRange: string;
+    });
+}
+declare class IncompatibleProviderVersionError extends AgentSHError {
+    readonly installed: string;
+    readonly required: string;
+    readonly packageName: string;
+    constructor({ installed, required, packageName, }: {
+        installed: string;
+        required: string;
+        packageName: string;
+    });
+}
+declare class ProvisioningError extends AgentSHError {
+    readonly phase: string;
+    readonly command: string;
+    readonly stderr: string;
+    constructor({ phase, command, stderr, }: {
+        phase: string;
+        command: string;
+        stderr: string;
+    });
+}
+declare class IntegrityError extends AgentSHError {
+    readonly expected: string;
+    readonly actual: string;
+    constructor({ expected, actual, message, }: {
+        expected: string;
+        actual: string;
+        message?: string;
+    });
+}
+declare class RuntimeError extends AgentSHError {
+    readonly sessionId: string;
+    readonly command: string;
+    readonly stderr: string;
+    constructor({ sessionId, command, stderr, }: {
+        sessionId: string;
+        command: string;
+        stderr: string;
+    });
+}
+
+export { AgentSHError, IncompatibleProviderVersionError, IntegrityError, MissingPeerDependencyError, PolicyValidationError, ProvisioningError, RuntimeError, SandboxAdapter, SecureConfig, SecuredSandbox, ThreatFeedsConfig, defaultThreatFeeds, secureSandbox };